Ethical Wall Best Practice Tips

The Ethical Wall policy rule base is ordered from top to bottom.

More inclusive rules should be on top and less inclusive on the bottom.

Each policy rule can define if the configured feature is allowed, blocked or not set.

If a feature is not set the policy engine will go the next in order policy rule and get the configuration from that rule. 

If no rules are set - the default policy will be in effect.

Same logic is applied to the policy condition, if the condition is matched on the first rule from the top, the policy will be enforced, if not the engine will continue to the next rule.

For this reason, you should configure policies by user above policies by domain.

This will allow the Ethical Wall Policy Engine to calculate the policies and build a large cache that it will use when the system will go to live mode. The policies should be valid policies, to build a cache that will reflect the actual use case of Ethical Wall.

To know if the learning mode had learned enough - go to the "Ethical Wall Learning Cache" Report in the Access Portal (/admin/ewcachereport).

The Ethical Wall Policy Engine re-calculates a cached policy if it not longer valid. The calculation validity time period is defined in the Access Portal Ethical Wall Settings (/admin/settings?category=settings_federation_webservice_category_header). 

It is recommended to keep this value as high as possible. The re-calculation is a resource consuming task, that s usually done routinely by the Housekeeping Service and the interval could be configured in Ethical Wall calculation operation interval (minutes) in the Housekeeping Settings (/admin/settings?category=settings_housekeeping_service_category_header).

The Ethical Wall Policy Engine fetches the policy in order to calculate it. It's recommended this value is not set too low to avoid bottle-necks.